The forward-backward string: A new robust feature for botnet detection

Yuan Hsiang Su, Amir Rezapour, Wen-Guey Tzeng

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Scopus citations

Abstract

We introduce the forward-backward string as a new feature that is robust against variation in payload length, the inter-arrival time of packets, and the number of packets within a flow. It represents an abstract activity of a host within a flow. The forward-backward string is packet-oriented and does not rely on payload size, the content of the header, or the inter-arrival time of packets. We use real-world botnet data to evaluate the performance of our new feature with some existing works. The experimental results show that the forward-backward string boosts the accuracy of existing works by up to 5%. We further examine the robustness of the new feature against packet- and flow-level noise. The forward-backward string not only increases the accuracy but also enhances the robustness of the prior works.

Original language: English
Title of host publication: 2017 IEEE Conference on Dependable and Secure Computing
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 485-492
Number of pages: 8
ISBN (Electronic): 9781509055692
DOIs: https://doi.org/10.1109/DESEC.2017.8073831
State: Published - 18 Oct 2017
Event: 2017 IEEE Conference on Dependable and Secure Computing - Taipei, Taiwan
Duration: 7 Aug 2017 → 10 Aug 2017

Publication series

Name: 2017 IEEE Conference on Dependable and Secure Computing

Conference

Conference: 2017 IEEE Conference on Dependable and Secure Computing
Country: Taiwan
City: Taipei
Period: 7/08/17 → 10/08/17


  • Cite this

    Su, Y. H., Rezapour, A., & Tzeng, W-G. (2017). The forward-backward string: A new robust feature for botnet detection. In 2017 IEEE Conference on Dependable and Secure Computing (pp. 485-492). [8073831] (2017 IEEE Conference on Dependable and Secure Computing). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/DESEC.2017.8073831